Intuitive Surgical, with principal locations including Intuitive Surgical, Inc., 1020 Kifer Road, Sunnyvale, CA 94086, and Intuitive Surgical Sàrl, 1, Chemin des Mûriers, 1170 Aubonne, Switzerland and their affiliates (hereinafter also referred as: "Intuitive", or "We" or "Us") conducting business within the European Economic Area (EEA) or processing the personal data of data subjects within EEA understands the importance of privacy to Our customers, visitors and suppliers, business partners, employees and other individuals (hereinafter also referred as: "You" or the "User" or the "Data Subject"). We are committed to safeguarding Your privacy. We collect and store information (non-personal information and personal information or personal data) so that We can efficiently provide Our products and services and support Your interest in Our products.
We are committed to conduct Our business in accordance with all applicable Data Protection legislation/regulations of all relevant jurisdictions, including the European Union's General Data Protection Regulation 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The information We collect and how We handle it depends on the data type and what You do when You use Our services and products. We only use the information required to successfully provide the products and services requested and only for the purposes You agreed with. Therefore, to protect Your safety, You should not provide Intuitive Surgical with any personal information that is not specifically requested.
BY USING the INTUITIVE WEBSITE, YOU AGREE NOT TO DISRUPT OR INTERCEPT OUR ELECTRONIC INFORMATION POSTED ON THIS WEBSITE OR ON ANY OF OUR SERVERS. YOU ALSO AGREE NOT TO ATTEMPT TO CIRCUMVENT ANY SECURITY FEATURES OF OUR WEBSITE, AND TO ABIDE BY ALL APPLICABLE, LOCAL, STATE, FEDERAL AND INTERNATIONAL LAWS.
Information provided to Intuitive Surgical by You is not subject to the privacy rule promulgated under the US Health Insurance Portability and Accountability Act of 1996 ("HIPAA") but may be subject to the requirements of privacy laws or regulations adopted by Your state of residence.
We do not sell or rent Your personal identifying information or medical information to any third party. We may contract with reputable vendors to assist Us in processing information or delivering the items that Our customers order. These vendors are restricted from using or selling the information for any purpose, other than helping Us to provide the products and services.
INFORMATION (NON-PERSONAL AND PERSONAL DATA)
Non-Personal Information or Non-Personal Data
Non-Personal data is any information that does not identify You directly or indirectly as an individual person that We collect to help Us understand how You use Our services and products, as well as to protect and enhance them. It includes essentially the following:
browser type and browser name and language used,
access time and date of Our website
the web page from which You came directly to Our website
the web page(s) You access during Your visit
other web server log files (links clicked, terms searched, and anonymized or disconnected information that no longer allows to identify directly or indirectly the user.
Personal Information or Personal Data
Personal data is any information that identifies You directly or indirectly as an individual. It includes, but is not limited to: name, address, email address, phone number, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Definition of "personal data" may differ across jurisdictions and applicable laws and regulations. Intuitive Surgical's management of personal data may also vary depending on the country.
We collect certain personal information, such as:
personally identifying information (such as Your name, street or email address, phone number, or similar information)
Unique identifiers and preference information
Professional activity linked to utilization of Intuitive Surgical products, including utilization of da Vinci Surgical Systems or training history
All Intuitive Surgical's processing operations on Personal Data are performed in line with the following processing principles:
(i) Lawfulness, fairness and transparency
(ii) Purpose limitation
(iii) Data minimization
(v) Storage limitation
(vi) Integrity & confidentiality
AUTOMATED DATA COLLECTION
We use only essential cookies and they are necessary for the proper functioning of the site.
AWS ELB application load balancer
The cookie contains the Liferay site id for the application to work.
AWS network load balancer
Incapsula DDoS Protectiona and Web Application Firewall:cookie for linking certain sessions to a specific visitor (visitor representing a specific computer). In order to identify clients that have already visited Incapsula. The only cookie that is persistent for the duration of 12 months.
Created by Liferay application for notifying UI whether cookies are supported by browser
Cookie created by liferay to manage user session.
This cookie remembers the user's language preferences
General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
Incapsula DDoS Protectiona and Web Application Firewall:cookie for linking HTTP requests to a certain session (AKA visit).Re-opening the browser and accessing same site are registered as different visits.
In order to maintain existing sessions (ie, session cookie)
This cookie is managed by AWS and is used for load balancing.
YOUR (CONTROL) RIGHTS
Under the applicable data protection legislation/regulations, You have various rights in connection with the processing of Your personal information. Intuitive Surgical shall strictly uphold Your rights and is responsible for implementing adequate procedures and policies to effectively protect Your rights and monitoring compliance with applicable data protection laws and regulations. We will respond and provide information upon request without undue delay and in any event within 30 days of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Please note that We will have to identify You in order to fulfill Your request; this requires identification documents that can prove Your identify. We will retain archival copies of the information You have requested. Until Our backups are overwritten, We will retain the information, but make no further use of Your Personal Information. You can submit Your requests via email to Our Data Protection Officer at Data.Privacy@intusurg.com
As Data Subjects, Your rights are the following:
Right to be informed
Where Personal Information is collected from You directly, Intuitive Surgical will ensure that You will receive all the information required at the time Your Personal information is obtained.
Right of access
We ensure that upon request, access to Your personal information will be granted and all the appropriate information will be provided:
The purposes of processing;
The categories of Personal Information concerned;
The recipients or categories of recipients to whom the Personal Information has been or will be disclosed, in particular, recipients in third countries or international organizations;
Where possible, the envisaged period for which the Personal Information will be stored or, if not possible, the criteria used to determine that period;
The existence of the right to request from Intuitive Surgical rectification or erasure of Personal Data or restriction of processing of Personal Information concerning the Data Subject or to object to such processing;
The right to lodge a complaint with a Data Protection Authority;
Where the Personal Information is not collected from You, any available information as to their source; and
The existence of automated decision, if any – making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.
Right to rectification
Your have the right to ask for rectification of any inaccurate Personal Data that concerns You and We will ensure that any inaccurate or incomplete information is erased, amended or rectified.
Right to erasure
You have the right to have Your Personal Data erased if any of the following apply:
The data is no longer needed for its original purpose and no new lawful purpose exists;
The lawful basis for the processing is Consent, Your withdraw that Consent, and no other lawful ground exists;
Your exercise the right to object, and We have no overriding grounds for continuing the processing;
The data has been processed unlawfully; or
Erasure is necessary for compliance with European Union Law or national law.
We will communicate any erasure of Personal Data to each Recipient to whom the data has been disclosed, unless this proves impossible or involves a disproportionate effort.
Right to restriction of processing
As a Data Subject, You have the right to request the restriction of processing of Your Personal Data if:
The accuracy of the Personal Data is contested (and only for as long as it takes to verify that accuracy);
The processing is unlawful (and You request the restriction of processing instead of the erasure of Your Personal Information);
We no longer need the Personal Data for the original purposes of the processing, but still need it for the establishment, exercise or defense of legal claims; or
There is a verification of overriding grounds pending in the context of an erasure request.
Right to data portability
The right to data portability allows You to receive the Personal Data Your have provided to a Us, in a structured, commonly used and machine – readable format, and to transmit those data to another Controller Company.
Right to object
Where processing is justified on the basis of legitimate interests, You may object to such processing, including profiling, unless Intuitive Surgical is in a position to demonstrate that compelling legitimate grounds, which override Your interests, rights and freedoms, exist for the processing or for the establishment, exercise or defense of legal claims.
Profiling and Automated Decision – Making
Where decision – making, including profiling, is based solely on automated processing and produces legal effects that concern You or similarly You are significantly affected by it, You have the right to object not to be subject to such a decision.
We do not base decision making or profiling solely on automated processing; human involvement ensures that the collaborators have the authority and competence to change the decision that concerns Your Personal Information.
DATA SHARING AND TRANSFERS
Intragroup transfers of personal data
Intuitive Surgical may transfer Personal Information to other entities.
Personal data transfers to third countries
Any transfer of Personal Information which is undergoing processing or is intended for processing after it is transferred to a third country or international organization requires special consideration and shall be carried out in compliance with data protection legislation/regulations.
As a general rule, Personal Information shall be transferred outside the EU only if adequate safeguards are in place ensuring the same level of data protection as guaranteed under the GDPR. In addition, member states are, unless the transfer is based on an adequacy decision (see below), entitled to restrict the transfer of specific categories of Personal Data under their national laws.
Pursuant to the GDPR, each Intuitive Surgical entity which is subject to the GDPR shall, amongst other things, ensure that one of the following safeguards are in place when transferring data to a recipient in a third country (i.e. Non – EU country):
a) Adequacy decision. Personal Data may be transferred if the European Commission has decided that the relevant third country or international organization ensures an adequate level of protection. The list of adequate countries can be found below:
Isle of Man
b) Appropriate safeguards. Personal Data may be transferred if one of the following appropriate safeguards are in place:
(i) Binding corporate rules for intra – group transfers;
(ii) Standard data protection clauses adopted by the European Commission or adopted by a Data Protection Authority and then approved by the European Commission;
(iii) Approved code of conduct together with binding and enforceable commitments by the third country entity to apply appropriate safeguards;
(iv) Accredited GDPR certification mechanism together with binding and enforceable commitments by the third country entity to apply appropriate safeguards; or
(v) Contractual clauses between the relevant Intuitive Surgical entities and the third country entity authorized by the Data Protection Authority.
Currently, Intuitive Surgical entities perform intragroup transfers of Personal Data on the basis of an adequacy decision or on the basis of standard contractual clauses (SCCs).
Intuitive Surgical has implemented technical and organizational security measures to protect Your Personal Data from loss, misuse or unauthorized access, disclosure, deletion or modification. It includes, among other mechanisms, secured back-up and archiving servers, access control, firewalls or encryption.
Unfortunately, however, no data transmission over the Internet is certain to be 100% secure. As a result, while We strive to protect this information, We cannot guarantee its security.
We understand the need to protect children's privacy online (We define "children" as minors Younger than 13 years of age). We do not knowingly collect or use any personal information from children. We do not knowingly allow children to register with us, order Our products, communicate with us, or to use any of Our online services. If You are a parent or guardian of a child and You become aware that he or she has provided Us with personally identifying information without Your consent, You should contact Us at Data.Privacy@intusurg.com. If We become aware that a child has provided Us with personally identifying information, We will delete this information from Our records.
If We fail to respond to Your request within the deadline, or if You are dissatisfied with Our response, You may lodge a complaint with Your data protection authority.
DATA RETENTION – DESTRUCTION
In principle, We will retain Your personal data for as long as reasonably necessary for Our legitimate business purposes. Personal Information must be kept to be available for legal or regulatory compliance. Retention deadlines vary depending on the type of data and the need to delete obsolete data is assessed on a case-by-case basis.
We are responsible for the secure destruction of Personal Information once the necessary period that was required to achieve the processing purpose ends. Such destruction must be done through a specific procedure and in order to be secure and avoid potential unlawful data processing, for instance any disclosure to Third Parties, appropriate control mechanisms to monitor the data destruction procedure are in place.
Any changes to the present will come into force when published on Any inquiry regarding the present Policy can be addressed to the Data Privacy Officer via this email Data.Privacy@intusurg.com